From 336fbedc759a9c47f20f2d385b844c129bb4c4b5 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sun, 16 Jan 2022 14:10:46 -0600
Subject: [PATCH] Fix:Library controller middleware for user accessible
 libraries

---
 server/controllers/LibraryController.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/server/controllers/LibraryController.js b/server/controllers/LibraryController.js
index 0f6c1380..7576c4ce 100644
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@@ -38,12 +38,6 @@ class LibraryController {
   }
 
   async findOne(req, res) {
-    var librariesAccessible = req.user.librariesAccessible || []
-    if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.library.id)) {
-      Logger.warn(`[LibraryController] Library ${req.library.id} not accessible to user ${req.user.username}`)
-      return res.sendStatus(404)
-    }
-
     if (req.query.include && req.query.include === 'filterdata') {
       var books = this.db.audiobooks.filter(ab => ab.libraryId === req.library.id)
       return res.json({
@@ -424,6 +418,12 @@ class LibraryController {
   }
 
   middleware(req, res, next) {
+    var librariesAccessible = req.user.librariesAccessible || []
+    if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.params.id)) {
+      Logger.warn(`[LibraryController] Library ${req.params.id} not accessible to user ${req.user.username}`)
+      return res.sendStatus(404)
+    }
+
     var library = this.db.libraries.find(lib => lib.id === req.params.id)
     if (!library) {
       return res.status(404).send('Library not found')